Self-Signed SSL Certificates

August 22nd, 2011

Introduction:

SSL, short for Secure Sockets Layer, is an encryption technology created by Netscape. It is used to create an encrypted connection between your web server and the visitor's web browser, providing a pathway over which private information can be transmitted without eavesdropping, data tampering, or message forgery. To enable SSL on a website, an SSL certificate must be obtained and installed on the server. An SSL-protected page is usually indicated by a padlock icon in the web browser, and sometimes also by a green address bar. Once the certificate is installed, the site can be accessed securely by changing the URL prefix from http:// to https://.

An SSL certificate is needed to establish an encrypted connection between a client and a server. Webmasters use such encrypted connections to build secure websites, such as e-commerce sites, providing extra protection against eavesdropping.

Process of creating a self-signed SSL Certificate:

SSL uses asymmetric cryptography, also called public key cryptography and the basis of a public key infrastructure (PKI), in which two keys are created, one public and one private. Anything encrypted with one of the two keys can only be decrypted with its counterpart. Therefore, if a server's private key is used to encrypt a message or data stream, it can only be decrypted with the corresponding public key, which ensures that the data could only have come from that server. The following steps create a self-signed certificate:

Step 1: Generation of a Private Key:

The openssl toolkit is used to generate an RSA private key and a CSR (Certificate Signing Request); it can also generate self-signed certificates for testing purposes or internal use. The first step is to create your RSA private key: here a 1024-bit RSA key, encrypted with Triple-DES and stored in PEM format so that it is readable as ASCII text. The following command may be used:

openssl genrsa -des3 -out server.key 1024

Step 2: Generation of a CSR (Certificate Signing Request):

After the private key has been generated, a Certificate Signing Request (CSR) is created. A CSR is used in one of two ways:

* It is sent to a Certificate Authority, such as Thawte or Verisign, which verifies the requestor's identity and then issues a signed certificate.
* It is self-signed.

A CSR may be generated with the following command:

openssl req -new -key server.key -out server.csr

Step 3: Removal of the Passphrase from the Key

One side effect of a passphrase-protected private key is that the passphrase is asked for every time the web server starts. Since this is inconvenient, an external program may be used in place of the built-in passphrase dialog, although that is not necessarily secure. Alternatively, the Triple-DES encryption can be removed from the key, which eliminates the need to type a passphrase. With the private key no longer encrypted, it is critical that only the root user can read this file. If the system is compromised and a third party obtains the unencrypted private key, the corresponding certificate will need to be revoked. The following commands remove the passphrase from the key:

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

Step 4: Generation of a Self-Signed Certificate

At this point a self-signed SSL certificate is generated. This temporary certificate will cause the client browser to report an error to the effect that the signing certificate authority is unknown and not trusted. The following command may be used to generate the temporary certificate:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Step 5: Installation of the Private Key and Certificate

When Apache is installed with mod_ssl, several directories are created in the Apache config directory. The location of this directory differs depending on how Apache was compiled. Copy the certificate and the key into them:

cp server.crt /usr/local/apache/conf/ssl.crt
cp server.key /usr/local/apache/conf/ssl.key

Step 6: Configuration of SSL Enabled Virtual Hosts

SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Step 7: Restart Apache and Test

/etc/init.d/httpd stop
/etc/init.d/httpd start

https://public.akadia.com
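As an added example, not part of the original post, here are Steps 1, 2 and 4 above run non-interactively as a POSIX shell script, followed by the checks worth running before the files are installed in Step 5: that the certificate verifies against itself, that the key and certificate belong together, and the sign-with-private-key, verify-with-public-key property described in the introduction. The 2048-bit key size, the passphrase-free key (which makes Step 3 unnecessary), the subject and SAN for www.example.test and the output directory are assumptions, not values from the original.

```shell
#!/usr/bin/env sh
# Added example, not from the original post: Steps 1, 2 and 4 run without prompts,
# plus checks to run before installing the files (Step 5). Assumptions (not in the
# original): 2048-bit key, no passphrase, subject/SAN for www.example.test, output dir.
set -eu

# Generate key, CSR and self-signed certificate into $1 for hostname $2, valid $3 days.
make_selfsigned() {
    dir=$1; host=$2; days=${3:-365}
    mkdir -p "$dir"
    # Step 1: private key, 2048 bits (the post uses 1024). Without -des3 the key
    # is written unencrypted, so protect the file as the post says (root-only).
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    # Step 2: CSR, with the subject supplied on the command line instead of prompts.
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/C=US/ST=Test/L=Test/O=Example Test/CN=$host"
    # Step 4: self-sign. Browsers now require a subjectAltName extension (the
    # post's command adds none), so one is passed in via -extfile.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl x509 -req -days "$days" -in "$dir/server.csr" -signkey "$dir/server.key" \
        -out "$dir/server.crt" -extfile "$dir/san.ext" 2>/dev/null
}

# Check 1: a self-signed certificate verifies only against itself, which is
# exactly why a browser with a different trust store warns about it.
verify_selfsigned() {
    openssl verify -CAfile "$1/server.crt" "$1/server.crt" >/dev/null 2>&1
}

# Check 2: the private key and the certificate carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1/server.key" -pubout)
    c=$(openssl x509 -in "$1/server.crt" -pubkey -noout)
    [ "$k" = "$c" ]
}

# Check 3: the property the introduction describes: data signed with the
# server's private key is checked with nothing but its public key.
sign_and_verify() {
    printf 'constructed sample message\n' > "$1/msg.txt"
    openssl dgst -sha256 -sign "$1/server.key" -out "$1/msg.sig" "$1/msg.txt"
    openssl x509 -in "$1/server.crt" -pubkey -noout > "$1/server.pub"
    openssl dgst -sha256 -verify "$1/server.pub" -signature "$1/msg.sig" "$1/msg.txt" >/dev/null
}

# Stand-alone use: sh selfsigned.sh run
if [ "${1:-}" = "run" ]; then
    make_selfsigned demo-ssl www.example.test 365
    verify_selfsigned demo-ssl && key_matches_cert demo-ssl && sign_and_verify demo-ssl
    openssl x509 -in demo-ssl/server.crt -noout -subject -issuer -dates
fi
```

Running the script with a trust store other than the certificate itself (for example, the system CA bundle) makes `openssl verify` fail, which is the same failure the browser reports as an untrusted issuer.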

Self-signed SSL certificates are a big No.

April 6th, 2011

There is no chain of trust when you use self-signed SSL certificates. The certificates are signed by you, and you then have to get them verified; signing them yourself alone will not help. The browser will show a warning telling the visitor that the web site's certificate has not been verified. Therefore you cannot use self-signed certificates for professional purposes, as nobody will trust your web site to be safe, and they will judge your company the same way.

To run a professional web site over the HTTPS protocol, an SSL certificate is necessary. Rather than self-signing, you can buy a certificate and get it authorized by the concerned authorities, and higher-grade, more credible certificates can be obtained as well.

There is also a practical problem with a self-signed SSL certificate: every web browser checks that an https connection is signed by a recognized CA. If the certificate is self-signed, the connection is flagged as potentially risky and error messages will keep popping up, cautioning the visitor, who might be your customer.

CA-issued certificates tell customers that the server information has been verified by a trusted source. VeriSign is the most commonly used CA. Depending on which CA is used, the relevant fields are verified and the certificate is issued. The CA verifies that your business site is real and that you own the domain, providing a little more security and assuring your customers that the site is legitimate.

SSL Certificates

April 6th, 2011

Self-signed SSL certificates are "not trusted" because they were generated by your own server and are not authorized by any other authority; you need to get your certificates authorized by a CA.

If you find self-signed SSL certificates on the server before going through the process of installing your verified certificates, look up the steps to follow on the internet. The internet is a source of a wide range of information; there is nothing that cannot be found there. So look for the available information and only then proceed.

Self-signed SSL certificates are trusted only once they have been authorized by a CA. A self-signed certificate is one created by the owner himself. Every e-commerce website should have SSL certificates in order to gain popularity among its customers, and especially those accepting payments must have them.

This is a must if you have an online store or a business website created to promote your business online: if you do not have an authorized SSL certificate, the browser will keep popping up messages saying that this is not a trusted site, and so on. Not only will your customers lose trust in your site, there is a chance that they will lose trust in your store itself and consider it a fake.

Such certificates are also valued for giving security and a measure of confidence to your customers, who can be sure that your site can be trusted.

Warning of self-signed SSL certificates

April 6th, 2011

SSL stands for Secure Sockets Layer; it is a tool used to encrypt the data transmitted to the web server. When the browser connects to the web server over SSL, the server is asked to prove its identity. The verification is normally done by a third-party vendor using cryptography.

If you are trying to install a self-signed SSL certificate on your web server, you can find a lot of instructions on the internet, but correct and authentic information is scarce: there are only a few sources, with very little instruction, and they often lack the critical part of the information.

Again, these SSL certificates keep your site protected, not just for your customers but also for the server where all your site information is stored online, and for this you will need a digital certificate. You will be provided with it when purchasing your digital certificate itself. These digital certificates are usually obtained from third-party authorities known as certificate authorities. They protect you from fraudsters who pretend to be the other server on your website. With these certificates your customers are bound to feel safe and secure and will want to use your site again and again. So it is wise to get your SSL certificates set up as soon as possible to ensure better safety and visibility for your site.